
Saturday, 20 April 2013

Sakura Exploit Pack

(Cross posted from Underground Forum)

Intro: One can say that the pack has successfully stood the test of time and has proven its competitiveness and its right to exist.
I am sure that many will like it. Welcome to the Sakura project!

Current version: 1.1

The pack currently includes:
- Java Rhino
- Java Obe
- Pdf Libtiff

Changes:
- Additional exploit protection mechanisms have been introduced
- Added a module for checking the domain/IP against blacklists
- Added a list of user agents of the main bots
- Added the ability to set a backlink (a 404 error by default) for traffic that was not exploited
- Mac and Linux traffic and the Google Chrome browser are counted as non-unique traffic by default.

Features:
- Statistics by country/source/browser/OS version
- Support for flows with different settings
- Rebuild of the pack for a new IP/domain through the admin panel

Price:
- 2000$/month for flows of <100k traffic per day. For larger flows the price is negotiated separately.
- For 30% of US, CA, UK, AU traffic with flows of >50k per day.
The pack is provided free of charge! You are not buying a license.

What you pay for:
1) Cleaning - constant cleaning. My main task is to keep it clean at all times.
You will not have to worry about this: I check it myself several times a day and, when it gets detected, automatically upload to your server.
2) Updates
3) Writing any modules or functionality you need

Pack specifics:
The pack is installed on your server.

Working hours:
- Mon-Fri 10.00-19.00 (MSK)
- Days off: Saturday, Sunday.

Screens





Detailed Screens

http://www.xylibox.com/2012/01/sakura-exploit-pack-10.html

Styx Exploit Pack



(Cross posted from Underground forum)

Styx Sploit Pack

Gentlemen, it's time to announce a new next generation product for your viewing pleasure: Styx Vulnerability Browser Stress Test Platform 2.0.

Our team worked hard for around three years to make a quality product which will be trustworthy for any person. We also did deep testing, so this product is already tested with our crypt.

Possibilities:

- Updating via GIT from the master-server twice a day with any detect of any sploit;
- No domains binding: you can specify any number of domains without rebuild;
- There are no restrictions on traffic. Flow as much traffic as your channels and its hardware server can handle; Traffic must flow.
- Speed. The product is able to handle as many connections as your MIPS processor.
- Working with sub accounts: you can split any traffic flows to different sub accounts, share files and watch for the most quality traffic;
- Flexible statistics: we use MongoDB (NoSQL-stores) on each sub account, browsers, country, operating system, time;
- Two variants of rent: you can use the product on your servers or on our server;
- Package. Deployment on your server with one script will take around two minutes.
- Dynamic URL Flow link generation. Each link on which traffic flows is unique. This way makes a lack of possibility to detect the URL by the signature. Only domain.
- Support for downloading files from a remote host. You can upload files to your sub account remotely.
- Having a flexible API for all types of operations: each operation which is available through the administrative interface is a command, and it's repeated by the API;
- Checking the IP / Domain for presence in black-lists through friendly service GhostBusters;
- Quiet operation: like falling from a tree sakura flower, all the product is quiet;

Frequently asked questions:

Q: WTF Styx Sploit Pack?

A: This is a modern new generation exploit pack written by Styx team from scratch. It has been tested on huge traffic: 500K - 2KK in the last 1,5 years.

Q: What are the differences between Styx Sploit Pack and BH, Phoenix, Sakura?

A: Our product is much more professional than other products: we have written all exploits from scratch, we don't need rebuilds, we have really rapid product cleaning on demand, we have good support, also we have a ticket system and an 'All inclusive' package which includes everything: setup, cleaning, support, consulting.

We don't have a term 'rebuild for a new domain', 'how much is FUD', and 'when it will be FUD?' Paid once a month you will have stable and professional work all time you use the product and it will fully satisfy you.

Q: What exploits are included in the package?

A: Java, PDF, Adobe Flash and their derivatives.

Q: What's the % hit, where can I see stats?

A: Stats really depend on traffic. This means that all people showing stats are cheaters and cheating all newbies because there is no way to make real life stats like those on pictures.

We will not fool you with stats pictures and huge numbers but the truth is out there (: -- our % hit and stats are better than any product which is available in the market at this time. We have from 1 to 10% more but it only depends on traffic.

Q: What's the guaranteed support time and reaction?

A: Support is available in two modes: ticket system and realtime (jabber, online). You will have full 24x7 support all paid time.

Q: What will I get for this money?

A: You will get the product, installed on your server, set up to work with TDS, and consulting and cleaning for 1 month. We don't have to 'rebuild for a new domain', our product works fine without any rebuilds, you just have to specify paths in settings. Guaranteed clean time is two hours from alert. In this way you will have full freedom: you don't need to wait for anybody to rebuild or clean, the exploit pack works with any of your domains and server demands are low.

We think these arguments are enough to explain quality and price for private customers.

Q: How much does it cost?

A: $3000 per month.

Q: Can I buy sources?

A: No. (=

Q: What are hardware requirements?

A: They are fully democratic: we need only 512Mb RAM and 100Mbit channel to work comfortably. We also demand good OS installed to server: we don't support Windows or any *BSD.

Q: What about domains? How can I see if it's in stop-list?

A: We recommend you to use Ghost Busters or CHK4ME services for that, write a simple script and set it up in cron to 1/2 hour.

Q: TDS? What TDS do you support and what TDS are compatible?

A: Any adequate TDS. We recommend you to use Sutra.

Q: Are your sploits packed?

A: Each exploit is cyphered and obfuscated from AVs at our service Styx Crypt.

Q: Is there browser fall down?

A: We have a small % of browser fall down so it can be ignored at all because it only depends on user's OS and browser version installed, so just ignore them.

Q: Is Chrome hit?

A: No.

Q: Can I make a test?

A: Yes.

Q: What are test demands for me?

A: You should provide us abuse-immunity server with root access with OS Linux installed (Debian is preferred), installed TDS (to filter unused traffic: mobile useragents, Mac, Linux, Chrome), you should provide us FUD EXE to be loaded from pack (no detections at all with size < 4Mb) and a clean domain.

Q: What should I get from test?

A: We will provide a full URL (from your domain) to allow you to 'make the spice flow (:' - to put traffic there. Two hours will be enough to let you see % hit. The EXE you provided will be loaded and you can check knocks from it. It's clear to understand that % hit fully depends on traffic quality so we will not accept any complaints about it.

Q: In which language is the sploit-pack written?

A: Usermode is written in PHP5, but the exploit code and generator do not matter for you.

Q: What database do you use?

A: We use the latest MySQL version.

Q: So what is real hit percentage?

A: You can see it by yourself by requesting a test. We will not fool you by specifying huge numbers in «35%» and / or «right 2% higher than BH». Anyone who once tried to compare sploit packs knows what a hellish job this is: you need to have perfectly ideal traffic, same servers must work absolutely in same mode and so on. In real life quality can be determined by only one parameter: by testing. Of course this depends on your traffic.

Q: So why are you better? For what do I pay money?

A: For the first, by hit percentage. For the second, by flexible integrated system which can be used in any huge infrastructure. Our product is flexible and scalable and these features are sometimes used by different partnership programs. This flexibility allows you to work with more clients on the same server than BH due to reduced file sizes and due to no PHP obfuscation. For the third, updates, support and cleaning. You don't have to pay for «domain switching / rebuilding» and «cleaning». We will just update the pack on the server. For the fourth, all new sploits are always included in the pack first, right after all tests are passed on all browsers and OSes with all SPs. We don't search for any public sploits; we research by ourselves and in some cases we buy technologies. So you see that this is - Perpetuum Mobile, but in some cases is Perfectum Mobile.